[development] Think there's a security problem in your module? Here's what to do.
Angela Byron
drupal-devel at webchick.net
Fri Jan 18 20:14:38 UTC 2008
Greg Knaddison - GVS wrote:
>> 5. Once a consensus is reached, commit it to your module on
>> cvs.security.drupal.org. Run through your normal testing procedures and
>> make sure things look good.
>
> I don't see how this adds much more value over:
>
> wget http://example.com/path_to_patch
> patch -p0 < security_patch_revision_3.patch
>
> But, if you and dww both really like this and want to work on it I
> certainly won't stand in the way. It seems lower value to me but I am
> not in charge of your schedules.

I'm definitely not married to it... This was just an attempt to address
the criticism that it's hard to test *exactly* what the end users would
be downloading once the security release is created. But you're right
that patch -p0 certainly does the trick. :)

Removing this step would eliminate one sync script that needs to be
written, the overhead required for management of a separate CVS
repository, and doesn't detract at all from the benefits of an open
dialog with developer participation in fixing the actual issue itself.

I'm +1 to its removal, but defer to dww since he knows a lot better than
me (or probably most of us ;)) what would be involved here, and how much
work it would actually cost/save.

-Angie